PyKeylogger

-
-

PyKeylogger
Download
Instructions
Future Direction
Any questions?
Help wanted
SF Summary Page
SF Download Page

- -

- PyKeylogger is a simple keylogger written in the python programming language. - I threw it together one day after not being able to find a simple and trustworthy - (as in, source code available) keylogger for windows. It is primarily designed for personal - backup purposes, rather than stealth keylogging. Thus, it does not make explicit attempts - to hide its presence from the operating system or the user. -

- That said, the only way it is visible - is that the process name shows up in the task list - and since the .exe can be renamed to - whatever, and when it is run from source it shows up as "pythonw.exe", it is not immediately - apparent that there is a keylogger on the system - so it could be used for stealth logging. - However, since it also makes periodic writes to disk, and since - it openly hooks well-known windows APIs (SetWindowHookEx), any keylogger detector worth its salt will be able to sniff it out. - So basically, it doesn't exactly advertise itself, but doesn't hide itself either. -

- My main goal is to create a "universal backup solution" for everything you type. We have all - at one time or another accidentally closed that word or notepad file without saving. We have - all lost form data on the web after it failed to submit properly. Not even mentioning the - ever-present threat of computer crash. PyKeylogger logs everything you - type, so you can recover the text of anything you type in any application. Simple and elegant, don't you think? :) -

- Since PyKeylogger is available as a simple python source file (well, a few simple source files), there are no trust issues - with using it - you can just look at the source yourself and make sure that it does exactly - what you need it to, and nothing more. (Especially not sending your info to someone else without your knowledge.) -

- If you think you can trust me, and/or if you are not interested in getting all those packages - to run the source file (see instructions below), there is also a binary distribution available for windows. -

- Although linux may be more in need of such backup, since the autosave feature of many linux programs - is not as established as that of say, MS Office, unfortunately PyKeylogger is not available for linux yet. If you think - that you can contribute a linux port of the keylogging function, feel free to jump in. -

- -

Download

- You can download PyKeylogger from the - SourceForge download page. If you feel adventurous, you could also pull the latest from CVS on sourceforge. -

- -

Instructions

- -

- Here is a brief manual for people who like to know what the program is supposed to do without looking at the source. :) -

Installing pykeylogger

- If you want to run PyKeylogger from source, it requires the following dependencies: -

python (only 2.3 and up, due to my using the optparse module) -
pyHook -
win32all extensions -
py2exe [Optional: only if you want to freeze your own executable out of source. (0.5.4 and up, if you want to freeze from .pyw file, not .py)] -

- After all those are installed, just double click the keylogger.pyw file, - and it will run in the background, logging your keys. -

- Alternatively, if you want to use the binary distribution, you dont need any of those packages. - You can just get the binary package for windows. Unzip the archive, put the contents - anywhere you want (as long as they are all together in the same directory, of course), and run - keylogger.exe. You can rename the exe to anything you want before running it, if you don't want "keylogger.exe" - showing up in your task list. -

- Default log location is the directory "C:\Temp\logdir". If you don't like this, or any other defaults, see below - for command line options. But in general I try to keep the defaults pretty sane, so you can just run without any options if you want to. -

Running pykeylogger

- Since the file's extension is ".pyw", it runs without a console window in the background, - if you just double-click the file. If you want to see the console (to see error output, e.g.), - just rename the file with ".py" extension, or run it from command line with -

python keylogger.pyw

Running from binary, just run "keylogger_debug.exe" to see the console, - instead of the regular "keylogger.exe". -

- -

Controlling pykeylogger:

- PyKeylogger accepts several commandline options to customize its behavior. They are as follows: -

-            usage: keylogger.pyw [options]
-            
-            options:
-              --version             show program's version number and exit
-              -h, --help            show this help message and exit
-              -f DIRNAME, --file=DIRNAME
-                                    write log data to DIRNAME [default: C:\Temp\logdir]
-              -k, --keyboard        log keyboard input [default: True]
-              -a, --addlinefeed     add linefeed [\n] character when carriage return [\r]
-                                    character is detected (for Notepad compatibility)
-                                    [default: False]
-              -b, --parsebackspace  translate backspace chacarter into printable string
-                                    [default: False]
-              -e, --parseescape     translate escape chacarter into printable string
-                                    [default: False]
-              -x EXITKEY, --exitkey=EXITKEY
-                                    specify the key to press to exit keylogger [default:
-                                    F12]
-              -l FLUSHKEY, --flushkey=FLUSHKEY
-                                    specify the key to press to flush write buffer to file
-                                    [default: F11]
-              -d, --debug           debug mode (print output to console instead of the log
-                                    file) [default: False]
-              -n NOLOG, --nolog=NOLOG
-                                    specify an application by full path name whose input
-                                    will not be logged. repeat option for multiple
-                                    applications. [default: none]
-              -o ONEFILE, --onefile=ONEFILE
-                                    log all output to one file ONEFILE, (inside DIRNAME,
-                                    as specified with -f option), rather than to multiple
-                                    files. [default: none]
-              -s SYSTEMLOG, --systemlog=SYSTEMLOG
-                                    log all output, plus some debug output, to a SYSTEMLOG
-                                    file (inside DIRNAME, as specified with -f option).
-                                    [default: none]
-              -i INTERVAL, --interval=INTERVAL
-                                    specify the time interval between buffer autoflush
-                                    events, in seconds. [default: 120.0]
-

- To run in debug mode from source, make sure to use the commandline

python keylogger.pyw -d

- rather than just "keylogger.pyw -d". Since the .pyw extension on the source hides the console window, - unless you do that you will not see any output on the console, because the console is hidden. :) - The same applies if you want to see the help output from the '-h' option. -

- To run in debug mode from exe, use the keylogger_debug.exe with -d option, NOT the regular keylogger.exe. -

Reading the log files

- The log files are organized in directories, where each directory is named after the application name whose window you - were typing into. Inside those directories, there are multiple text files, each file named by date, unique window handle, - and window title. Thus, if you want to find what you typed in notepad, first go to the notepad directory, then find the - log file by date and window title. If you are running with the --onefile option, however, everything just goes into one file. -

- The log file has two non-printable characters in it: backspace, and escape. Thus, opening the file with - Notepad or Wordpad, you will see a lot of "junk" characters, if you press a lot of backspace (which I do). - To read the file properly (where backspace and escape are marked as such), use the excellent editor - called SciTE. -

- If you want to use windows notepad or wordpad, you may want to clean up the log file, by modifying the filter - in pykeylogger to substitute a string for those characters, as well as putting in \n\r instead of just \n - in order to get the linebreaks in notepad to show up. This can be accomplished by adding appropriate command - line arguments to the keylogger (see list above). -

- Before checking your log file, press 'F11' on the keyboard, to flush the write buffer to the file, if you want to look - at the most recent input. If you use Wordpad, you will notice that Wordpad refuses to open a file that is being used, - so you will have to make a copy of the logfile and open the copy with wordpad, rather than open the logfile directly. -

- As of version 0.6.6, pykeylogger automatically flushes the file write buffer periodically (interval set with - -i option), so that even in the event of a system crash, you are less likely to lose the recent input. - [Thanks to anonymous forum poster for this suggestion.] -

- - -

Future direction [Features planned]

- *** DONE! *** - Enhance the logging capability so that it splits the keyboard input by window, for ease of finding it later - (as opposed to the old method of dumping everything into one large log file). - -
- *** DONE! *** - Add command line option to not log input of certain applications. (For example, Gaim - since it already logs its chats - if you want to, having PyKeylogger running at the same time would be logging everything twice.) - -
- *** DONE! *** - Add command line option to log to just one file, instead of the default logging to multiple files. - -
- Create a log viewer, where you can search by date, application name, and window title (and of course, text strings). - Aiming for something like the Gaim log viewer. -
- Implement a feature where logs older than X days are automatically deleted. If you are using pykeylogger as - a backup against accidental deletions, you may not want to keep months-old stuff on disk, but only say, a day's - worth of stuff. Seems like it would be useful to add an option to specify maximum log age. -
- Improve behavior when logging international keyboard layouts. Right now I am not exactly sure how to properly log - things like accented and umlaut-ed vowels, etc, so our international users have to put up with less than perfect - logging. -
- Another feature I plan for the log viewer is to have an option to parse the backspaces and arrow keys to recreate - the final output, rather than have a bunch of [Backspace] and [LeftArrow] text in the log. Of course, if you want that - to be particularly useful, you have to try to refrain from using the mouse to reposition your cursor :). I wonder if - this is really going to be helpful... -
- As per a suggestion I received through feature requests on sf, I want to log all kb/mouse (though maybe to start with, just kb) - events, and have them be re-playable as if they are being typed. Goal is to support gui testing. -
- Anything else you want to suggest? Feel free to do so by submitting feature requests on the - SF Project Page -

- - -

Where can I ask more questions?

- You can report bugs, feature requests, or submit patches at PyKeylogger's sourceforge page: - http://sf.net/projects/pykeylogger -

- You can also e-mail me directly at this address (remove nospam) -

- -

How can I help out?

- If you're a programmer, please feel free to hack around in PyKeylogger code, - to add features, or anything else you would like. Get the latest src package, or just pull - the latest release (or, if you are feeling daring, HEAD) from CVS. -

- In particular, it would be nice if you could port the code to linux. Currently, PyKeylogger uses the pyHook - module, which is windows only, since it is a wrapper of the set of Windows APIs. I have no access to a linux box - at the moment, nor do I have much of a clue on how to hook keyboard input at the system level in linux. -

- If you're not a programmer, you could file bug reports or feature requests on - PyKeylogger SourceForge page. -

- Any contributions will be gladly accepted as patches at sourceforge. -

- - - - Last changed: Nov 23 2005 18:27 -

-
- The page layout shamelessly ripped off from http://gnome-sudoku.sourceforge.net/ :)
-

- Counter provided by digits.com -

- - + + + +PyKeylogger + + +If you have not been automatically redirected, you should click here. + + \ No newline at end of file -- 2.45.1